Akankasha Dewan 18 June 2019 17:36:47 AEST 3 MIN READ

Transfer confirmation email spoofing Zenith Bank is actually a phishing scam

Following NABWestpacANZ and BankWest, another bank has now been embroiled in an email scam. MailGuard intercepted a phishing email scam spoofing Zenith Bank that is designed to harvest confidential details of users.

First detected early on Monday, 17th June (AEST), the email claims to come from ‘Zenith Bank’ using the domain zenith.com, which is also present in the email signature. However, we found that the real domain for Zenith Bank is "zenithbank.com".

The email body is quite short, advising recipients that they have a new ‘PDF ACH transfer confirmation document shared with Zenith Bank Plc.’

The recipient is asked to view the online document by logging in with their existing email and password via an included link. Here is a screenshot of the email:

Zenith email blog

Unsuspecting recipients who click on the link titled ‘’Click here’ are redirected from sendgrid.net to windows.net, leading to a page branded with the Adobe PDF logo. Here the user is invited to insert his or her login credentials. It's unclear which credentials should be inserted – either Adobe's credentials or Zenith Bank's, as per below:

Zenith Bank 2

MailGuard has found that once the user’s credentials are inserted, the page leads to a dead end. While this variation of a phishing scam is multi-staged and incorporates an Adobe logo, it is less sophisticated than other email scams spoofing banks that MailGuard has intercepted in the past.  

The lack of a personalised, direct greeting and jolted sentence structures (including grammatical errors within the subject body) are hints that the text isn’t the work of a professional. Examples include “this message was auto-generated by Zenith online system”.

Whilst MailGuard is stopping this email scam from reaching end-users and businesses, we encourage all email users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates